Got done over by Joomla hackers

magicberry

Dec 17, 2008
I know I will cop it for this one... I got a website which I have been running on a $3USD hosting account. The site was done in Joomla 1.0.14 some 3 years ago. About 12 months ago I decided to add some affiliate links to it... Sure enough, since then it has been doing well; it is now ranking well in Google and was generating at one stage there 2 months ago about $200 per day... I had since left it to its own devices, to find out yesterday that it got hacked a beauty... some smartasses went through and updated my default admin account in Joomla with a new password so they could have free rein over the site...

Well, it so happens that the traffic went through the roof and I got an email from the hosting company telling me the site had been brought offline due to excessive load on the MySQL db. I thought shit, better check it out... sure enough, site was fucked... long story short, had to do a restore and reset all permissions on files and folders, which took me 12 hours to do... finally got site back up and running... In my travels though I found a cool script at Default Joomla Admin User Changer | Nultz | Joomla Templates | Joomla which cost me $5 but saved me time... I just hope it works long term...

So apart from my bitching about the whole thing... is this something that has happened to anyone else on here?
 


I have had a few WordPress sites hacked before. I am not very good at constantly going back and updating them to the most current versions.
 
papa I realised that after it happened. I have not got it all locked down and working good again :)

It is hard to keep them up to date all the time, esp after building so many. How do you guys keep them safe?
 
One of my clients (an insurance company) got hacked through the CKforms plug in. Turned their website into a giant phishing website for four major UK banks.

Took me two hours to clean everything up.

If I'm ever locked in a room with a Turkish hacker consequences will never be the same.
 
I had a writer on a blog with their permissions set too high (hindsight is great), and he got disgruntled and wrote a plugin that wiped the whole DB. Thankfully I run backups at least once a week.
 
I hear there is a pretty good Joomla consultant who can help you tighten security. He goes by Throlson.
 
An easy way to prevent unauthorized admin access is to restrict your admin login page to your own IP addresses, which you whitelist in your .htaccess file.

Other than that, it is almost necessary to keep your installations updated to the latest version, as outdated versions might have bugs, holes or exploits that hackers can use to gain alternate access to your server easily.
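
The .htaccess allow-list described in the post above, as an added example that is not part of the original thread: it assumes an Apache host that permits `AllowOverride AuthConfig Limit`, and that the file is placed in Joomla's `administrator/` directory. The addresses are constructed placeholders from the documentation ranges.

```apache
# File: administrator/.htaccess
# Restricts the Joomla back-end (including its login form) to listed networks.
# Placeholder addresses (constructed): replace with your own static IP or range.

# Apache 2.4 and later: access control is handled by mod_authz_core
<IfModule mod_authz_core.c>
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </RequireAny>
</IfModule>

# Apache 2.2: mod_authz_core is absent, so fall back to the legacy directives
<IfModule !mod_authz_core.c>
    # Evaluate Deny first, then Allow; anything not explicitly allowed is refused
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>
```

Confirm the rule by requesting `/administrator/` from a network that is not listed and checking for a 403 response. If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address rather than the visitor's, so the allow-list has to be enforced at the proxy instead.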
 
Joomla has CRAZY holes, all I hear about Joomla is how easy it is to exploit. I've heard many horror stories when it comes to Joomla sites.

I think WordPress in terms of CMS is much safer, but still exploitable.